Saturday, Jul 11, 2026
English News
  • Hyderabad
  • Telangana
  • AP News
  • India
  • World
  • Entertainment
  • Sport
  • Science and Tech
  • Business
  • Rewind
  • ...
    • NRI
    • View Point
    • cartoon
    • My Space
    • Education Today
    • Reviews
    • Property
    • Lifestyle
E-Paper
  • NRI
  • View Point
  • cartoon
  • My Space
  • Reviews
  • Education Today
  • Property
  • Lifestyle
Home | Business | Cyber Fraudsters Using Digital Lutera Toolkit To Bypass Upi Security Report

Cyber fraudsters using ‘Digital Lutera’ toolkit to bypass UPI security: Report

CloudSEK has warned of a new cyber fraud technique that manipulates Android devices, intercepts OTPs and bypasses UPI security; UPI custodian NPCI says robust safeguards exist to manage such risks

By PTI
Published Date - 11 March 2026, 07:57 PM
Cyber fraudsters using ‘Digital Lutera’ toolkit to bypass UPI security: Report
whatsapp facebook twitter telegram

New Delhi: Online fraudsters are using new technology that bypasses security features of UPI apps to carry out financial transactions, cyber intelligence firm CloudSEK claimed in a report.

According to the report, the firm has identified at least 20 active groups on messaging platform Telegram, each with over 100 members, where a toolkit by the name of “Digital Lutera” is being discussed, distributed, and operationalised.

Also Read

  • UPI transactions surge 27 pc annually at 20.39 billion in Feb: NPCI data

“This is not just another UPI malware variant. Digital Lutera represents a structural attack on device trust. When the operating system itself is manipulated, traditional safeguards like SIM-binding and app signature checks become unreliable. If left unaddressed, this could industrialise account takeovers at scale across the digital payments ecosystem,” CloudSEK, Threat Researcher, Shobhit Mishra said.

CloudSEK claims to have done an analysis of one such group alone which indicates that transactions worth Rs 25-30 lakh were processed over just two days, highlighting how quickly the fraud model is scaling and the number of victims’ connections.

UPI custodian National Payments Corporation of India (NPCI) said that the digital payment has robust checks in place to handle “such risks”. “NPCI has examined the report and clarifies that robust checks and safeguards are already in place to address such risks. UPI is designed with multiple layers of security and authentication mechanisms to ensure that transactions remain safe and secure,” an NPCI statement said.

NPCI said it continues to work closely with banks and ecosystem partners to monitor risks and strengthen security measures, ensuring that digital payments remain safe and reliable for users. SIM-binding has been treated as a proof that a bank account is securely tied to a specific device. UPI apps process transactions after verifying the SIM of the phone number with which the account associated with it is installed in the mobile phone.

CloudSEK said the attack typically begins when a user unknowingly installs a malicious APK disguised as something routine, such as a traffic fine notice or a wedding invitation. Once installed, the malware gains access to the victim’s phone’s SMS permissions.

Once the Digital Lutera tool kit is installed, attackers use a specialised Android framework tool on their own device to manipulate system-level identity and SMS functions. The attacker is then able to intercept registration messages meant for the banks and OTPs are silently forwarded to Telegram channels controlled by the attackers.

“Fake “sent” SMS entries are inserted into the phone’s message records to make everything appear legitimate. The result is disturbing: a victim’s UPI account can be registered and controlled on a completely different device — even though the actual SIM card never leaves the victim’s phone,” the report said.

The cyber intelligence firm said that after manipulating the android device, it makes the UPI app believe that messages for verification have genuinely emanated from the smartphone. CloudSEK said that it has informed relevant regulators and financial institutions to help them prepare and take proactive mitigation measures as part of responsible disclosure.

  • Follow Us :
  • Tags
  • Business News
  • CloudSEK
  • Cyberfraud
  • malware

Related News

  • Centre considers uniform rules for messaging platforms after WhatsApp username row

    Centre considers uniform rules for messaging platforms after WhatsApp username row

  • Centre mulls uniform rules for messaging apps after WhatsApp username feature row

    Centre mulls uniform rules for messaging apps after WhatsApp username feature row

  • Telegram replies to MeitY notice on username feature; govt reviewing response

    Telegram replies to MeitY notice on username feature; govt reviewing response

  • Centre orders Telegram to crack down on pirated films and OTT content

    Centre orders Telegram to crack down on pirated films and OTT content

Latest News

  • Millennials now make up 55% of India’s C-Suite: LinkedIn data

    5 mins ago
  • Hyderabad Public School Ramanthapur holds Investiture Ceremony

    10 mins ago
  • ECI allows voters living abroad or outside State to submit enumeration forms online

    15 mins ago
  • Future wars may use AI, but trained soldiers will win them: Rajnath Singh

    22 mins ago
  • Shabad Killings: KTR targets Revanth Government over law and order

    22 mins ago
  • KTR claims Revanth avoiding Kanepally operations to deny credit to KCR

    24 mins ago
  • Dhanush unveils title of new Vetrimaaran film ‘Thamizh Murugan’

    28 mins ago
  • Ashwini Vaishnaw urges IT industry to tap semiconductor opportunity

    36 mins ago

company

  • Home
  • About Us
  • Contact Us
  • Privacy Policy

business

  • Subscribe

telangana today

  • Telangana
  • Hyderabad
  • Latest News
  • Entertainment
  • World
  • Andhra Pradesh
  • Science & Tech
  • Sport

follow us

  • Telangana Today Telangana Today
Telangana Today Telangana Today

© Copyrights 2024 TELANGANA PUBLICATIONS PVT. LTD. All rights reserved. Powered by Veegam